84 lines
3.0 KiB
Plaintext
84 lines
3.0 KiB
Plaintext
[DEFAULT]
|
|
debug = {{ options.debug }}
|
|
|
|
[health_manager]
|
|
heartbeat_key = {{ options.heartbeat_key }}
|
|
|
|
[database]
|
|
{% include "parts/database" %}
|
|
|
|
[controller_worker]
|
|
{% if options.amp_image_owner_id -%}
|
|
amp_image_owner_id = {{ options.amp_image_owner_id }}
|
|
{% endif -%}
|
|
{% if options.amp_secgroup_list -%}
|
|
amp_secgroup_list = {{ options.amp_secgroup_list }}
|
|
{% endif -%}
|
|
{% if options.amp_flavor_id -%}
|
|
amp_flavor_id = {{ options.amp_flavor_id }}
|
|
{% endif -%}
|
|
{% if options.amp_boot_network_list -%}
|
|
amp_boot_network_list = {{ options.amp_boot_network_list }}
|
|
{% endif -%}
|
|
{% if options.amp_ssh_key_name -%}
|
|
amp_ssh_key_name = {{ options.amp_ssh_key_name }}
|
|
{% endif -%}
|
|
{% if options.amp_image_tag -%}
|
|
amp_image_tag = {{ options.amp_image_tag }}
|
|
{% endif -%}
|
|
amp_active_retries = 180
|
|
# This certificate is installed on the ``Amphorae`` and used for validating
|
|
# the authenticity of the ``Octavia`` controller.
|
|
client_ca = {{ options.controller_cacert }}
|
|
network_driver = allowed_address_pairs_driver
|
|
compute_driver = compute_nova_driver
|
|
amphora_driver = amphora_haproxy_rest_driver
|
|
loadbalancer_topology = {{ options.loadbalancer_topology }}
|
|
|
|
[certificates]
|
|
# NOTE(fnordahl) certificates for authentication between Octavia controllers
|
|
# and its Amphorae instances are issued locally on the Octavia controller.
|
|
#
|
|
# At the time of this writing this is the only supported alternative upstream
|
|
# after the retirement of the Anchor project [0].
|
|
#
|
|
# Note that these certificates are not used for any load balancer payload data
|
|
#
|
|
# 0: https://review.openstack.org/#/c/597022/
|
|
cert_generator = local_cert_generator
|
|
# This certificate is used to issue individual certificates for each
|
|
# ``Amphora`` and to validate their authenticity when they connect to the
|
|
# ``Octavia`` controller.
|
|
ca_certificate = {{ options.issuing_cacert }}
|
|
ca_private_key = {{ options.issuing_ca_private_key }}
|
|
ca_private_key_passphrase = {{ options.issuing_ca_private_key_passphrase }}
|
|
|
|
cert_manager = barbican_cert_manager
|
|
|
|
[haproxy_amphora]
|
|
# This certificate is used by the ``Octavia`` controller to validate the
|
|
# authenticity of the ``Amphorae`` connecting to it.
|
|
server_ca = {{ options.issuing_cacert }}
|
|
# This certificate is used by the ``Octavia`` controller when it takes on the
|
|
# role as a "client" connecting to the ``Amphorae``.
|
|
client_cert = {{ options.controller_cert }}
|
|
|
|
[service_auth]
|
|
auth_type = password
|
|
auth_uri = {{ identity_service.service_protocol }}://{{ identity_service.service_host }}:{{ identity_service.service_port }}
|
|
auth_url = {{ identity_service.auth_protocol }}://{{ identity_service.auth_host }}:{{ identity_service.auth_port }}
|
|
project_domain_name = {{ identity_service.service_domain }}
|
|
user_domain_name = {{ identity_service.service_domain }}
|
|
project_name = {{ identity_service.service_tenant }}
|
|
username = {{ identity_service.service_username }}
|
|
password = {{ identity_service.service_password }}
|
|
|
|
{% include "parts/section-keystone-authtoken" %}
|
|
|
|
[oslo_messaging]
|
|
topic = octavia
|
|
|
|
{% include "parts/section-rabbitmq-oslo" %}
|
|
|
|
{% include "parts/section-oslo-middleware" %}
|